I'm trying to word my SQL query so that it won't fail when someone decides to input either a quote or an apostrophe. The problem is that I think I have to either put quotes or apostrophes around my query for it to function properly.
The user enters a value and it should be able to add to the database regardless of what they enter. How can I accomplish this?
$update and $default are the variables. Thank you.
Here's what I have for the query:
$query = "UPDATE table SET col1 = '$update1', Default = '$default1', SortSearch = $sorting1, Width = $width1 WHERE UserID = $userID";
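An added example, not part of the original post: the same UPDATE written as a PDO prepared statement, so that quotes and apostrophes in the input travel as bound data and never become part of the SQL text. It assumes PHP with the pdo_sqlite extension; the in-memory SQLite database, the table name `settings`, the function name `updateSettings` and the sample values are constructed for the demonstration, while the column names follow the post.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulated prepares so the server
// receives the values separately from the statement:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// "settings" is a hypothetical table name; Default is a reserved word,
// so it is quoted as an identifier (MySQL would use backticks).
$pdo->exec('CREATE TABLE settings (
    UserID INTEGER PRIMARY KEY, col1 TEXT, "Default" TEXT,
    SortSearch INTEGER, Width INTEGER)');
$pdo->exec("INSERT INTO settings VALUES (7, 'old', 'old', 0, 100)");

// Hypothetical helper. The int type hints reject non-numeric input for the
// three columns that the original query left unquoted.
function updateSettings(PDO $pdo, int $userID, string $update1,
                        string $default1, int $sorting1, int $width1): int
{
    // Placeholders only: no user value is concatenated into the SQL string.
    $stmt = $pdo->prepare(
        'UPDATE settings
            SET col1 = :update1, "Default" = :default1,
                SortSearch = :sorting1, Width = :width1
          WHERE UserID = :userID'
    );
    $stmt->bindValue(':update1',  $update1,  PDO::PARAM_STR);
    $stmt->bindValue(':default1', $default1, PDO::PARAM_STR);
    $stmt->bindValue(':sorting1', $sorting1, PDO::PARAM_INT);
    $stmt->bindValue(':width1',   $width1,   PDO::PARAM_INT);
    $stmt->bindValue(':userID',   $userID,   PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();   // number of rows changed
}

// Constructed inputs containing an apostrophe, double quotes and a backslash.
$in1 = "O'Brien said \"hello\"";
$in2 = "5' 11\" \\ tall";
$changed = updateSettings($pdo, 7, $in1, $in2, 1, 250);

// Read the row back and confirm the values were stored byte for byte.
$row = $pdo->query('SELECT * FROM settings WHERE UserID = 7')
           ->fetch(PDO::FETCH_ASSOC);
if ($changed !== 1 || $row['col1'] !== $in1 || $row['Default'] !== $in2
    || (int) $row['Width'] !== 250) {
    throw new RuntimeException('stored values differ from the input');
}
var_export($row);
```

Because the values are bound rather than interpolated, no escaping function is needed, and the stored text is exactly what the user typed.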